Qualys, a provider of cloud-based security and compliance solutions, announced enhancements to its Qualys Continuous Monitoring (CM) cloud service this week.
New features in the offering include automated alerts for changes in perimeter IP addresses, as well as a new API that enables integration of alerts into incident response systems and SIEMs such as Splunk and HP ArcSight.
Originally introduced in February 2014, Qualys Continuous Monitoring helps organizations proactively identify threats and unexpected changes in Internet-facing devices within their DMZ, cloud-based environments, and web applications.
Built on the Qualys Cloud Platform, Continuous Monitoring uses its elastic scanning capacity to dynamically scale to continuously scan networks of any size and scope, and instantly provide alerts as soon as an unauthorized change is detected.
“More and more customers are asking us to help them address ‘toxic combination’ type scenarios that can lead to compromises in their IT environments. An example of this could be a server that exhibits a combination of configurations or vulnerabilities that can make it susceptible to attacks,” said Philippe Courtot, Chairman and CEO of Qualys.
“Combining a continuous security approach that integrates alerts into the incident response system enables customers to quickly address potential toxic combinations by alerting them when a critical change suddenly appears in their environment,” Courtot continued. “These alerts help to direct the information to the hands of first responders so they can immediately address and mitigate risk within their global perimeter.”
Common Event Format (CEF) support is now included, Qualys said, which enables customers to send events in CEF into all popular SIEM and incident response products and get email alerts delivered directly to their inbox.
In addition, the solution allows businesses to continuously monitor and respond to situations such as New Hosts, OS Changes on Existing Hosts, Open Ports/Services, SSL Certificates, Vulnerabilities Changes, and Software Changes.
“In an era of continuous compromise, enterprises need to shift from a mindset of ‘incident response’ – wherein incidents are thought of as occasional, one-off events – to a mindset of continuous response – wherein attacks are relentless, hackers’ ability to penetrate systems and information is never fully blocked, and systems must be assumed to be continuously compromised, and thus, they must be continuously monitored,” said Neil MacDonald, Vice President and Distinguished Analyst for Gartner.
Qualys Continuous Monitoring is available immediately and sold via annual subscription, based on the number of perimeter IPs being monitored. Pricing starts at $295 for small businesses and $1,995 for larger enterprises.